# Assess Vendor Risk and Due Diligence

Sprinto enables you to assess each vendor’s risk profile through configurable risk scoring and guided due diligence workflows. These tools help you determine whether a vendor poses a compliance threat and ensure that appropriate controls are in place.

You can score vendor risk, perform due diligence manually or with Sprinto AI, and maintain audit-ready documentation for all high-risk vendors.

***

#### 1. Score Vendor Risk

Each vendor is automatically assigned a risk score based on Sprinto’s predefined risk factors. You can customise this scoring logic under the **Configuration** tab.

**Risk scoring factors include:**

* Type of data shared (e.g., cardholder data, credentials, customer PII)
* Access to company systems (e.g., databases, production environments)
* Operational impact (e.g., business-critical, internal tools)

**Steps to score risk:**

1. Go to **All vendors** and click a vendor name.
2. Open the **Risk score** tab.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FvjbEehVKtX0IF7rTfscO%2FScreenshot%202025-10-07%20at%2015.45.37.png?alt=media&#x26;token=7a4aff3d-6f1f-48a9-bc1d-b879719edc95" alt="" width="563"><figcaption></figcaption></figure>

3. For each risk factor, click **Add value** or **Edit**.
4. Select appropriate responses from the dropdown.
5. Click **Add risk factor values** after completing all required fields.
6. Choose to:
   * Use Sprinto’s auto-computed risk level, or
   * Override and define your own risk level

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FO0Ec8TlRbdfVuVGs8gBQ%2FScreenshot%202025-10-07%20at%2015.47.48.png?alt=media&#x26;token=6da00a6d-2c1c-42f9-b668-ca725b726862" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
Vendors without a completed risk score appear under the "Unscored" status filter.
{% endhint %}

***

#### 2. Perform Due Diligence

Due diligence is mandatory for vendors classified as **High risk**. Sprinto supports the manual method.

**Steps:**

1. Navigate to the vendor profile and open the **Due diligence** tab.
2. Click **Perform due diligence**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FjH6TsbmRiC4EhmK3ghrC%2FScreenshot%202025-10-07%20at%2015.49.58.png?alt=media&#x26;token=e002e08b-077e-46b6-b175-9f1964e0b94e" alt="" width="563"><figcaption></figcaption></figure>

3. Upload relevant security documents (for example, SOC 2 reports, ISO certificates and so on).
4. Add notes and findings.
5. Under the **Review vendor documents and complete due diligence** section, you can select either:
   1. Vendor meets necessary security requirements.
   2. Manually review vendor documents and add notes.
6. If you select the second option, you will need to add additional notes for your manual review.
7. Click **Complete due diligence** to finish the process.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FTxwzJ22XFD7aNWu3GlUj%2FScreenshot%202025-10-07%20at%2015.54.28.png?alt=media&#x26;token=9ea179b0-0576-44c7-87d9-2a21ed855aac" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
You can resume an incomplete due diligence session at any time.
{% endhint %}

***

#### 3. Upload or Request Security Documents

You can upload security documents manually or request them directly from the vendor.

**To upload manually:**

1. Go to the **Documents & links** tab in the vendor profile.
2. Click **Add docs/links**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FFiMtOD4VOnwoeGafD3fh%2FScreenshot%202025-10-07%20at%2015.58.00.png?alt=media&#x26;token=342b1764-8e54-4005-b1da-6d665790beb6" alt="" width="563"><figcaption></figcaption></figure>

3. Choose a document/link type.
4. Select the check box for the item you wish to add:
   * Attach a file
   * Add a URL
5. Click **Add another document/link** if you wish to add additional documents/links.
6. Click **Save**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FNBnZm3JHG7Qv0hIEUacH%2FScreenshot%202025-10-07%20at%2016.03.00.png?alt=media&#x26;token=b80b9888-c668-46d2-b768-df985fcb756c" alt="" width="563"><figcaption></figcaption></figure>

**To request from a vendor:**

1. Click **Request docs from vendor** in the same tab.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2Fz6aTJOlcisv4kINNcdV9%2FScreenshot%202025-10-07%20at%2016.03.15.png?alt=media&#x26;token=f76aba41-4a36-4efe-85d9-059fb99fe962" alt="" width="563"><figcaption></figcaption></figure>

2. Select the check boxes for the documents you want to request.
3. Enter the vendor’s email address.
4. Enter the recipient's email address.
5. Select the required document types.
6. You can also add a subject, header and a message to the vendor.
7. Click **Preview & send request**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FXGITzpnEp8Ld8w2wkP5m%2FScreenshot%202025-10-07%20at%2016.08.14.png?alt=media&#x26;token=2c50b47a-b03b-4249-9688-ce74dbfbc88c" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
Vendors receive a secure link to upload their files.
{% endhint %}
